As we noted a few days back, notorious ransomware gang REvil "disappeared" again this week. The REvil leaks blog, known as Happy Blog, was made inaccessible on October 17, the same day one of its operators announced the group was shutting down due to a hijacking of their domain on Russian forum XSS, security vendor Flashpoint said at the time.
Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. As ransomware attacks became increasingly profitable, Evil Corp launched an operation called BitPaymer, delivered via the Dridex malware to compromised corporate networks.
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte, adding that it has leaked a sample of what it claims are files stolen from the Taiwanese company's network. "Some of the leaked data calls into question how Gigabyte stores and uses data," the writeup suggested.
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. As ransomware has become a profitable field for cybercriminals, and having previous experience with fake front companies like "Combi Security", the group set up a new firm to lure legitimate IT specialists.
By following tips from an unnamed source, the Gemini researchers found that FIN7 was offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers, Windows system administrators, and reverse engineering specialists.
How is it that time and time again, companies - big companies - are continuing to fall for ransomware attacks? Why aren't we getting any better at preventing them? Attackers perform recon against their targets and tune their techniques for success.
The manufacturer of some of Halloween's most popular sweet treats has been hit with a ransomware attack that disrupted production mere weeks before the candy industry's biggest holiday. Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident encrypted some of its systems on Oct. 9, affecting the production of its numerous popular confection brands, including Brach's Candy Corn, a confection that divides candy enthusiasts into "love it" and "hate it" groups.
According to Darktrace's 2021 Ransomware Threat Report [PDF], ransomware attacks are on the rise. Ransomware recovery company Coveware reports that the median number of employees among ransomware victims stood at 200 in Q2 2021, and has actually dropped since the end of 2020.
A lot of virtual ink has flowed on the origins of NotPetya, but the most important aspect of its behaviour for anyone involved in endpoint defence (EDR) was the stunning speed with which it turned entire networks of computers into boxes uselessly pushing warm air. If not EDR, what then? The industry's answer was more and better EDR, plus new options such as managed detection and response and extended detection and response, which, as its name suggests, adds a wider range of data points to the detection mix.
Many companies have struggled to recover from digital attacks because they have relied on traditional on-premise file sharing infrastructures with system failovers using duplicate infrastructures for disaster recovery. Many companies have forked out big money to attackers simply because they don't want to lose productive time, but cloud file storage systems' level of control enables the CIO to show the C-level team that the company can plan for and practice attack scenarios; the IT team can set more predictable and faster Recovery Time Objectives and adapt company recovery plans as new ransomware exploits emerge over time.